kernel/bpf-developer-tutorial
1
0
Fork 0
mirror of https://github.com/eunomia-bpf/bpf-developer-tutorial.git synced 2026-02-09 13:15:14 +08:00
Code Issues Packages Projects Releases Wiki Activity

docs: add complete source code links to various eBPF tutorial README files

Browse Source
This commit is contained in:
yunwei37
2025-10-05 22:47:39 -07:00
parent 277ecbaf9d
commit 5f29fd2d41
18 changed files with 41 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/34-syscall/README.md
View File

@@ -4,7 +4,8 @@ eBPF (Extended Berkeley Packet Filter) is a powerful feature in the Linux kernel
In this tutorial, we will explore how to use eBPF to modify the arguments of a running system call. This technique can be used for security auditing, system monitoring, or even malicious behavior. However, it is important to note that modifying system call arguments can have negative implications for system stability and security, so caution must be exercised. To implement this functionality, we will use the `bpf_probe_write_user` feature of eBPF, which allows us to modify memory in the user space and therefore modify system call arguments before the kernel reads them from user space.
The complete code for this tutorial can be found in the <https://github.com/eunomia-bpf/bpf-developer-tutorial/tree/main/src/34-syscall/> repository on GitHub.
> The complete source code: <https://github.com/eunomia-bpf/bpf-developer-tutorial/tree/main/src/34-syscall>
## Modifying the File Name of the `open` System Call